Skip to content
MozDef: The Mozilla Defense Platform
Branch: master
Clone or download
pwnbus Merge pull request #1226 from darakian/handle-ImportError-in-schedule
Add case to pass on import errors (after logging)
Latest commit cf47d3d Apr 19, 2019
Type Name Latest commit message Commit time
Failed to load latest commit information.
alerts Merge pull request #1226 from darakian/handle-ImportError-in-schedule Apr 19, 2019
bot Specifically reconnect in slackbot exception Apr 9, 2019
cloudy_mozdef Use systemd to launch docker containers Apr 19, 2019
config Update missing references to alertactions in syslog configs Mar 21, 2019
cron Remove unused ES code from health to mongo script Apr 18, 2019
docs Merge pull request #1218 from mozilla/update_installation_warning_docs Apr 18, 2019
loginput Fixup unused variables check Dec 14, 2018
mozdef_util Bump mozdef-util version to 1.0.8 Apr 16, 2019
rest Revert "ES 6 Upgrade changes" Mar 25, 2019
systemdfiles Fixup remaining mozdefalertplugin references Mar 22, 2019
tests Update vulnerability plugin test Apr 11, 2019
.flake8 Exclude mozdef_util build directory from flake8 checks Apr 9, 2019
.travis.yml Define python version for Travis Apr 8, 2019
CHANGELOG Modifying urls to point to mozilla from jeffbryner, slight readabilit… Jun 15, 2017
Makefile Use systemd to launch docker containers Apr 19, 2019 Update docs to point to current release Apr 16, 2019

Build Status Documentation Status

MozDef: The Mozilla Defense Platform


The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.

The Mozilla Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.


  • Provide a platform for use by defenders to rapidly discover and respond to security incidents.
  • Automate interfaces to other systems like bunker, cymon, mig
  • Provide metrics for security events and incidents
  • Facilitate real-time collaboration amongst incident handlers
  • Facilitate repeatable, predictable processes for incident handling
  • Go beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automation


MozDef is in production at Mozilla where we are using it to process over 300 million events per day.

Give MozDef a Try in AWS:

Launch MozDef


You can’t perform that action at this time.